Skip to main content

Cyware Orchestrate

Release Notes 3.3.0

We are excited to introduce you to the latest version of Orchestrate v3.3.0 This release comes with new features, enhancements, and bug fixes.

New Features

Manage Large Input and Output Data

Orchestrate now has the ability to handle large volumes of data in the following scenarios:

  • Download Large Data: Analysts can preview data up to 4 MB and download data up to 64 MB in JSON format for offline analysis of the following features:

    • Input and output data of a Playbook node

      Download_Large_Data_SS_3_3.png
    • Event or run log selection to run Playbooks

      EVENT_selection_3_3_RN.png
    • Event data of trigger events

      Trigger_Events_SS_3_3_RN.png
  • Manual Input to Run Playbooks: Orchestrate enables analysts to import up to 64 MB of JSON data and pass it as input for playbook execution.

    Run_Time_Input_3_3_RN.png

Create App Instances from Playbook Canvas

Analysts can create new instances of an app in the Playbook canvas. This eliminates the need for analysts to navigate to the Apps section to create instances thereby saving time and effort, and significantly improving the overall user experience.

Create_Instance_SS_3_3_RN.png

Run Logs for Triggered Events

Analysts can view the run logs of playbooks that are executed by an event from the Trigger Events listing page. This helps analysts to view the run logs with minimum effort and respond faster to threats.

Trigger_Events_Listiong_3_3_RN.png

Enhancements

Playbook Store

Cyware Playbooks, a collection of all the out-of-the-box orchestration Playbooks is now available as Playbook Store.

In addition to the existing capabilities, the Playbook Store offers the following enhancements:

  • Previously, importing a Playbook created multiple copies of the same Playbook. Now, users can import Playbooks from the Playbook Store with an option to either create a new Playbook of the same name or replace an existing Playbook.

  • The Imported label helps analysts to distinguish and identify the imported Playbooks from the list of all the Playbooks available in the Playbook Store.

  • The New label enables analysts to identify the Playbooks published in the last 14 days.

  • The Playbook category on the listing page assists analysts to identify Playbooks based on the security use cases, such as incident enrichment, asset management, and more.

    PB_Store_3_3_RN.png

Playbook Node

The usability of the playbook node is improved with the following enhancements:

  • Previously, the node input was automatically saved in the run logs. To optimize data storage, users can now choose to exclude the node input from run logs by disabling the Save Node Input option.

    Save_Node_Input_3_3_RN.png
  • The Playbook run logs now display the execution time of each node to enable analysts to review and optimize the node performance. This also helps in identifying nodes that are taking additional time to execute and potentially causing delays in the Playbook's execution.

    Node_Execution_Latest.png

View Documentation of App Nodes

The link to view the documentation is now available in the same interface while adding an app node to the playbook workflow. This eliminates the need for analysts to navigate to the Apps section to view the app documentation.

View_Doc_Latest_3_3_RN.png

Add App Action Nodes with No Instances

While building a Playbook workflow, analysts can now view and select an app action even if the app instance is not configured. This provides analysts with the flexibility to choose from a list of app actions with or without instances and subsequently configure app instances.

Unique IDs for Triggered Events and Run Logs

To optimize search in Playbook run logs and triggered events, the following enhancements are introduced:

  • A run log is now associated with a unique ID for easier identification and tracking. For example, RL6e5daa85-0

  • The existing ID of triggered events is now trimmed to 12 characters. For example, TE2b8b284b-b

Regenerate Open API Token

Orchestrate allows administrators to regenerate an open API token. This helps save time for administrators as it eliminates the need to create new open APIs each time when users do not have access to existing open API tokens.

3_3_Open_API.png

Easy Access to Playbook Run Logs

The option to view run logs for a playbook was previously available under Statistics on the playbook listing page. In this release, you can view run logs by hovering over a playbook and clicking Run Logs.

PB_Run_logs_latest_3_3_RN.png

Dedicated RBAC for Authentication Module

The authentication-related permissions were earlier available under the Configurations module. In this release, a dedicated RBAC (role-based access control) is introduced for the Authentication module. This offers better control to define authentication-related permissions to user groups.

Authentication_3_3_RN.png

Override App Versions while Importing

The workflow to import a custom app is now enhanced with an option to override an existing app version. This allows analysts to import and replace the existing app configurations instead of creating new versions of the app.

Override_App_RN_3_3.png

Bug Fixes

The issue in the Action Retry Count for Cyware Agent-enabled app nodes is now resolved.